

Python ssl.OP_NO_TLSv1_1方法代码示例

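本文整理汇总了Python中ssl.OP_NO_TLSv1_1的典型用法代码示例。如果您正苦于以下问题:Python ssl.OP_NO_TLSv1_1的具体用法?Python ssl.OP_NO_TLSv1_1怎么用?Python ssl.OP_NO_TLSv1_1使用的例子?那么恭喜您, 这里精选的代码示例或许可以为您提供帮助。需要说明的是,ssl.OP_NO_TLSv1_1并不是方法,而是一个选项标志常量:把它按位或到SSLContext.options上即可禁止协商TLS 1.1;自Python 3.7起该标志已被标记为弃用,官方文档建议改用SSLContext.minimum_version。您也可以进一步了解它所在的ssl模块的用法示例。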


在下文中一共展示了ssl.OP_NO_TLSv1_1方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: __init__

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def __init__(self, *args, **kwargs):
    """Extract the adapter-specific options and prepare the TLS context.

    ``ssl_context``, ``cipherSuite`` and ``source_address`` are popped from
    *kwargs*; whatever is left is forwarded to the parent initialiser.
    Positional arguments are accepted but not forwarded.

    Raises:
        TypeError: if ``source_address`` is truthy and is neither a string
            nor a tuple.
    """
    self.ssl_context = kwargs.pop('ssl_context', None)
    self.cipherSuite = kwargs.pop('cipherSuite', None)

    bind_to = kwargs.pop('source_address', None)
    if bind_to and isinstance(bind_to, str):
        # A bare IP string means "this address, any local port".
        bind_to = (bind_to, 0)
    self.source_address = bind_to

    if bind_to and not isinstance(bind_to, tuple):
        raise TypeError(
            "source_address must be IP address string or (ip, port) tuple"
        )

    # NOTE(review): a caller-supplied ssl_context is used exactly as given;
    # the cipher list, curve and protocol floor below are applied only to
    # the context created here.
    if not self.ssl_context:
        context = self.ssl_context = ssl.create_default_context(
            ssl.Purpose.SERVER_AUTH
        )
        context.set_ciphers(self.cipherSuite)
        context.set_ecdh_curve('prime256v1')
        # Refuse everything older than TLS 1.2.
        legacy_protocols = (
            ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
        )
        context.options |= legacy_protocols

    super(CipherSuiteAdapter, self).__init__(**kwargs)

    # ------------------------------------------------------------------------------- # 
开发者ID:a4k-openproject,项目名称:a4kScrapers,代码行数:25,代码来源:cloudscraper.py

示例2: _get_default_ssl_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def _get_default_ssl_context(self) -> '_ssl.SSLContext':
    """Create the client-side TLS context used for HTTP/2 connections.

    The context authenticates the server (``Purpose.SERVER_AUTH``), refuses
    TLS 1.0 and TLS 1.1, limits the cipher list to the four families named
    below and offers only ``h2`` through ALPN (and NPN where available).

    Raises:
        RuntimeError: if the ``_ssl`` module reference is ``None``.
    """
    if _ssl is None:
        raise RuntimeError('SSL is not supported.')

    # certifi is optional: when it is missing, cafile stays None and
    # create_default_context() falls back to the system trust store.
    ca_bundle = None
    try:
        import certifi
    except ImportError:
        pass
    else:
        ca_bundle = certifi.where()

    context = _ssl.create_default_context(
        purpose=_ssl.Purpose.SERVER_AUTH,
        cafile=ca_bundle,
    )
    for legacy_protocol in (_ssl.OP_NO_TLSv1, _ssl.OP_NO_TLSv1_1):
        context.options |= legacy_protocol
    context.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')

    offered = ['h2']
    context.set_alpn_protocols(offered)
    try:
        context.set_npn_protocols(offered)
    except NotImplementedError:
        # NPN is not available in every build; ALPN alone is enough.
        pass

    return context
开发者ID:vmagamedov,项目名称:grpclib,代码行数:26,代码来源:client.py

示例3: conn

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
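async def conn(self):
    """Open the stream to ``self.host:self.port`` and return it.

    With ``self.ssl`` set, the connection is wrapped in TLS restricted to
    version 1.2 or newer with compression disabled; otherwise a plain TCP
    stream is opened. The stream is stored on ``self.client_stream`` and
    ``self.connected`` is set to True.

    The body awaits trio calls, so this has to be a coroutine function: a
    plain ``def`` containing ``await`` does not compile.

    Raises:
        BUIserverException: if opening the stream fails with an OSError.
    """
    try:
        if self.ssl:
            ctx = ssl.SSLContext()
            # NOTE(review): certificate validation and hostname matching are
            # both switched off, so the peer is not authenticated and the
            # CA certificates loaded below are never consulted. The session
            # is encrypted but open to an active man-in-the-middle; confirm
            # this is intended (e.g. self-signed deployments) or expose it
            # as a setting.
            ctx.verify_mode = ssl.CERT_NONE
            ctx.check_hostname = False
            ctx.options |= (
                ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
            )  # RFC 7540 Section 9.2: MUST be TLS >=1.2
            ctx.options |= ssl.OP_NO_COMPRESSION  # RFC 7540 Section 9.2.1: MUST disable compression
            ctx.load_default_certs()
            self.client_stream = await trio.open_ssl_over_tcp_stream(self.host, self.port, ssl_context=ctx)
        else:
            self.client_stream = await trio.open_tcp_stream(self.host, self.port)
    except OSError as exc:
        # Keep the original error attached for troubleshooting.
        raise BUIserverException(str(exc)) from exc

    self.logger.debug('Connected')
    self.connected = True
    return self.client_stream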
开发者ID:ziirish,项目名称:burp-ui,代码行数:22,代码来源:parallel.py

示例4: _wrap_sni_socket

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
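def _wrap_sni_socket(sock, sslopt, hostname):
    """Wrap *sock* in TLS 1.2+ and send *hostname* as the SNI name.

    Args:
        sock: the socket to wrap.
        sslopt: mapping of options; the keys read here are ``ssl_version``,
            ``cert_reqs``, ``ca_certs``, ``ca_cert_path``,
            ``do_handshake_on_connect`` and ``suppress_ragged_eofs``.
        hostname: value passed as ``server_hostname``.

    Returns:
        The socket returned by ``SSLContext.wrap_socket``.
    """
    context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_TLS))
    # Explicitly disable SSLv2, SSLv3, TLSv1.0 and TLSv1.1.
    context.options |= (
        ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
    )

    cert_reqs = sslopt.get('cert_reqs', ssl.CERT_NONE)
    if cert_reqs != ssl.CERT_NONE:
        capath = ssl.get_default_verify_paths().capath
        context.load_verify_locations(
            cafile=sslopt.get('ca_certs', None),
            capath=sslopt.get('ca_cert_path', capath)
        )
        # Loading CA certificates does not turn verification on by itself:
        # a PROTOCOL_TLS context starts at CERT_NONE, so without this line
        # the caller's cert_reqs would be silently ignored.
        context.verify_mode = cert_reqs

    # NOTE(review): check_hostname is not enabled here, so even with
    # CERT_REQUIRED only the chain is validated, not that the certificate
    # was issued for `hostname` (unless ssl_version selects a protocol that
    # enables it by default).
    return context.wrap_socket(
        sock,
        do_handshake_on_connect=sslopt.get('do_handshake_on_connect', True),
        suppress_ragged_eofs=sslopt.get('suppress_ragged_eofs', True),
        server_hostname=hostname,
    )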
开发者ID:jellyfin,项目名称:jellyfin-kodi,代码行数:22,代码来源:websocket.py

示例5: parse_ssl_opts

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def parse_ssl_opts(self):
    """
    Build ``self.ssl_context`` from ``self.ssl_options`` when ``self.secure``
    is set; do nothing otherwise.

    Option keys read: ``verify_certificate`` (default True), ``key`` and
    ``cert`` (client certificate, used only when both are given).
    """
    if not self.secure:
        return

    options = self.ssl_options
    context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    # Refuse TLS 1.0 and TLS 1.1.
    context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1

    verify_peer = options.get('verify_certificate', True)
    if not verify_peer:
        # NOTE(review): this disables all server authentication. The
        # hostname check has to be cleared first; ssl rejects CERT_NONE
        # while check_hostname is still enabled.
        context.check_hostname = False
        context.verify_mode = ssl.CERT_NONE

    key_path = options.get('key')
    cert_path = options.get('cert')
    if key_path and cert_path:
        context.load_cert_chain(cert_path, keyfile=key_path)

    context.set_ciphers('ECDHE+AESGCM')
    context.set_alpn_protocols(AlPN_PROTOCOLS)

    self.ssl_context = context
开发者ID:vladmunteanu,项目名称:th2c,代码行数:27,代码来源:connection.py

示例6: get_http2_ssl_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def get_http2_ssl_context():
    """
    Return an SSLContext set up to meet the TLS requirements of HTTP/2.

    Anyone driving Python's TLS layer by hand for HTTP/2 should configure
    their context the same way this function does.
    """
    # Start from the standard library defaults. Purpose.CLIENT_AUTH yields a
    # server-side context (one that authenticates clients).
    context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)

    # RFC 7540 Section 9.2: HTTP/2 MUST run over TLS 1.2 or newer, so every
    # older protocol version is switched off.
    legacy_protocols = (
        ssl.OP_NO_SSLv2,
        ssl.OP_NO_SSLv3,
        ssl.OP_NO_TLSv1,
        ssl.OP_NO_TLSv1_1,
    )
    for flag in legacy_protocols:
        context.options |= flag

    # RFC 7540 Section 9.2.1: HTTP/2 over TLS 1.2 MUST disable compression.
    context.options |= ssl.OP_NO_COMPRESSION

    # RFC 7540 Section 9.2.2 requires support for
    # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256; its blocklist effectively leaves
    # only AES-GCM and ChaCha20 suites with ephemeral key exchange.
    context.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")

    # Offer the same protocols through ALPN and NPN. ALPN is required; NPN
    # may be missing from the runtime. HTTP/1.1 stays negotiable.
    offered = ["h2", "http/1.1"]
    context.set_alpn_protocols(offered)
    try:
        context.set_npn_protocols(offered)
    except NotImplementedError:
        pass

    return context
开发者ID:python-hyper,项目名称:hyper-h2,代码行数:37,代码来源:server_https_setup_fragment.py

示例7: get_http2_ssl_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def get_http2_ssl_context():
    """
    Return a client-side SSLContext that satisfies the TLS rules of HTTP/2.

    Code that talks to Python's TLS layer directly for HTTP/2 should apply
    exactly the configuration shown here.
    """
    # Standard library defaults for authenticating a server: certificate
    # validation and hostname checking are enabled by this call.
    context = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)

    # RFC 7540 Section 9.2: TLS 1.2 is the minimum for HTTP/2.
    # RFC 7540 Section 9.2.1: compression MUST be disabled over TLS 1.2.
    below_tls12 = (
        ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
    )
    context.options |= below_tls12
    context.options |= ssl.OP_NO_COMPRESSION

    # RFC 7540 Section 9.2.2 mandates TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    # and blocklists most other suites; what remains in practice is AES-GCM
    # and ChaCha20 with ephemeral key negotiation.
    cipher_spec = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20"
    context.set_ciphers(cipher_spec)

    # ALPN is mandatory, NPN is best-effort; both advertise h2 first and
    # still allow falling back to HTTP/1.1.
    context.set_alpn_protocols(["h2", "http/1.1"])
    try:
        context.set_npn_protocols(["h2", "http/1.1"])
    except NotImplementedError:
        pass

    return context
开发者ID:python-hyper,项目名称:hyper-h2,代码行数:37,代码来源:client_https_setup_fragment.py

示例8: create_ssl_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def create_ssl_context(certfile, keyfile):
    """Return a server-side TLS context for HTTP/2 using the given key pair.

    TLS 1.0, TLS 1.1 and TLS compression are disabled, the cipher list is
    limited to ECDHE with AES-GCM, and only ``h2`` is offered through ALPN.

    Args:
        certfile: path to the certificate (chain) file.
        keyfile: path to the matching private key file.
    """
    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)

    hardening = ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
    context.options |= hardening

    context.set_ciphers("ECDHE+AESGCM")
    context.load_cert_chain(certfile=certfile, keyfile=keyfile)
    context.set_alpn_protocols(["h2"])
    return context
开发者ID:python-hyper,项目名称:hyper-h2,代码行数:11,代码来源:tornado-server.py

示例9: send_stats

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
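def send_stats(version, uniqid, runtime):
    """Send usage statistics to the rpisurv stats collector over HTTPS.

    Args:
        version: value reported as ``version`` (converted with ``str``).
        uniqid: string sent as the ``User-Agent`` header.
        runtime: string reported as ``runtime`` in the ``Cookie`` header.

    HTTP and connection failures are logged, not raised.
    """
    # Because this is run as a subprocess we need to start logging again
    logger_send_stats = setup_logging(logfilepath="logs/send_stats.log", loggername="send_stats")

    destination = "https://statscollector.rpisurv.net"

    # Trust only the certificate shipped with the project, not the system
    # trust store: the cafile argument replaces the default CA set.
    context = ssl.create_default_context(
        purpose=ssl.Purpose.SERVER_AUTH,
        cafile="core/util/statscollector.rpisurv.net.pem",
    )
    # Force TLS higher than 1.1
    context.options |= (
        ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
    )
    # Purpose.SERVER_AUTH already sets this; it is repeated so a future
    # change of defaults cannot silently disable verification.
    context.verify_mode = ssl.CERT_REQUIRED
    httpshandler = urllib2.HTTPSHandler(context=context)

    opener = urllib2.build_opener(httpshandler)
    # Extra info is sent via the cookie header.
    # NOTE(review): runtime and version are concatenated into the header
    # value unescaped; presumably both are generated locally. Verify against
    # the caller.
    opener.addheaders = [
        ('User-Agent', uniqid),
        ('Pragma', 'no-cache'),
        ('Cache-Control', 'no-cache'),
        ('Cookie', 'runtime=' + runtime + ';version=' + str(version)),
    ]

    urllib2.install_opener(opener)

    logger_send_stats.debug("Start sending uniqid " + uniqid + ", runtime " + runtime + ", version " + str(version) + " to " + destination + " for updating stats rpisurv community")
    try:
        response = opener.open(destination, timeout=20)
    except urllib2.HTTPError as e:
        logger_send_stats.error("There was an error connecting to the statistics server at " + destination + ". Failed with code " + str(e.code))
    except urllib2.URLError as e:
        # Unreachable host, timeout or TLS failure: previously this escaped
        # as an uncaught exception although reporting is best-effort.
        logger_send_stats.error("There was an error connecting to the statistics server at " + destination + ". Failed with reason " + str(e.reason))
    else:
        # The body is not used; release the connection.
        response.close()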
开发者ID:SvenVD,项目名称:rpisurv,代码行数:37,代码来源:stats.py

示例10: test_create_ssl_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
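def test_create_ssl_context() -> None:
    """Check that the configured SSL context carries every hardening flag.

    The flags are compared as a mask: a bare ``options & mask`` is truthy as
    soon as one of the bits is set, so it would still pass if, say, only
    compression were disabled while TLS 1.0 and TLS 1.1 stayed enabled.
    """
    path = os.path.join(os.path.dirname(__file__), "assets/config_ssl.py")
    config = Config.from_pyfile(path)
    context = config.create_ssl_context()
    required = (
        ssl.OP_NO_SSLv2
        | ssl.OP_NO_SSLv3
        | ssl.OP_NO_TLSv1
        | ssl.OP_NO_TLSv1_1
        | ssl.OP_NO_COMPRESSION
    )
    assert (context.options & required) == required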
开发者ID:pgjones,项目名称:hypercorn,代码行数:13,代码来源:test_config.py

示例11: create_secure_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def create_secure_context(
    server_cert: Path, server_key: Path, *, trusted: Path,
) -> ssl.SSLContext:
    """Build a TLS context that presents *server_cert* and requires a peer
    certificate signed by *trusted*.

    TLS 1.0 and 1.1 are refused, ciphers are limited to the families listed
    below and ``h2`` is the only protocol offered.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
    # CERT_REQUIRED makes the handshake fail unless the peer presents a
    # certificate that chains to the CA material loaded from `trusted`.
    context.verify_mode = ssl.CERT_REQUIRED
    cert_path, key_path = str(server_cert), str(server_key)
    context.load_cert_chain(cert_path, key_path)
    context.load_verify_locations(str(trusted))

    for legacy_protocol in (ssl.OP_NO_TLSv1, ssl.OP_NO_TLSv1_1):
        context.options |= legacy_protocol
    context.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')

    offered = ['h2']
    context.set_alpn_protocols(offered)
    try:
        context.set_npn_protocols(offered)
    except NotImplementedError:
        # NPN is optional; ALPN above is sufficient.
        pass
    return context
开发者ID:vmagamedov,项目名称:grpclib,代码行数:17,代码来源:server.py

示例12: create_secure_context

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def create_secure_context(
    client_cert: Path, client_key: Path, *, trusted: Path,
) -> ssl.SSLContext:
    """Build a TLS context that presents *client_cert* and validates the
    peer against the CA material in *trusted*.

    TLS 1.0 and 1.1 are refused, ciphers are limited to the families listed
    below and ``h2`` is the only protocol offered.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS)
    # NOTE(review): a PROTOCOL_TLS context starts with check_hostname off
    # and nothing here enables it, so the peer certificate is validated
    # against `trusted` but not matched to the server name. That may be
    # acceptable with a private CA; confirm.
    context.verify_mode = ssl.CERT_REQUIRED
    cert_path, key_path = str(client_cert), str(client_key)
    context.load_cert_chain(cert_path, key_path)
    context.load_verify_locations(str(trusted))

    below_tls12 = ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
    context.options |= below_tls12
    context.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')

    context.set_alpn_protocols(['h2'])
    try:
        context.set_npn_protocols(['h2'])
    except NotImplementedError:
        # NPN is optional; ALPN above is sufficient.
        pass
    return context
开发者ID:vmagamedov,项目名称:grpclib,代码行数:17,代码来源:client.py

示例13: server_context_modern

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def server_context_modern() -> ssl.SSLContext:
    """Return an SSL context configured per the Mozilla server-side TLS guide.

    The settings follow the "modern" profile described at
    https://wiki.mozilla.org/Security/Server_Side_TLS

    No certificate is loaded here; the caller has to add one before the
    context can serve connections.
    """
    context = ssl.SSLContext(ssl.PROTOCOL_TLS)  # pylint: disable=no-member

    # Allow TLS 1.2 and newer only, and let the server's cipher order win.
    hardening = (
        ssl.OP_NO_SSLv2
        | ssl.OP_NO_SSLv3
        | ssl.OP_NO_TLSv1
        | ssl.OP_NO_TLSv1_1
        | ssl.OP_CIPHER_SERVER_PREFERENCE
    )
    # OP_NO_COMPRESSION is applied only when the ssl module exposes it.
    hardening |= getattr(ssl, "OP_NO_COMPRESSION", 0)
    context.options |= hardening

    cipher_spec = (
        "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
        "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
        "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
        "ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:"
        "ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
    )
    context.set_ciphers(cipher_spec)

    return context
开发者ID:NabuCasa,项目名称:hass-nabucasa,代码行数:29,代码来源:utils.py

示例14: main

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def main():
    """Start the threaded web server, over TLS when ``secure`` is set.

    Runs until interrupted with Ctrl-C, then shuts the server down.
    """
    try:
        server = ThreadedHTTPServer(('', port), PW2PYwebHandler)
        server.daemon_threads = True
        server.auth = b64encode(credentials)
        if not secure:
            info('started http server at port %d' % (port,))
        else:
            if sys.hexversion >= 0x02071000:
                ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
                ctx.load_cert_chain(certfile="./server.pem")
                # TLS 1.2 or newer only, with the server's cipher order.
                ctx.options |= (
                    ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_CIPHER_SERVER_PREFERENCE
                )
                ctx.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA')
                server.socket = ctx.wrap_socket(server.socket, server_side=True)
            else:
                # NOTE(review): this legacy branch pins the listener to
                # TLS 1.0, the very version the branch above disables. The
                # threshold 0x02071000 decodes as 2.7.16 under the
                # sys.hexversion layout, so interpreters that already ship
                # create_default_context (2.7.9 onwards) may still land
                # here. Confirm the cut-off is intended.
                server.socket = ssl.wrap_socket (server.socket, certfile='./server.pem', server_side=True, ssl_version=ssl.PROTOCOL_TLSv1)

            info('started secure https server at port %d' % (port,))
        server.serve_forever()
    except KeyboardInterrupt:
        print('^C received, shutting down server')
        server.shutdown()
        print("exit after server.shutdown()")
开发者ID:SevenW,项目名称:Plugwise-2-py,代码行数:28,代码来源:Plugwise-2-web.py

示例15: Send

# 需要导入模块: import ssl [as 别名]
# 或者: from ssl import OP_NO_TLSv1_1 [as 别名]
def Send(self, data_to_send):
		"""Serve one freshly built certificate per input chunk over TLS.

		The input is encoded to ASCII bytes and handed to ``_parse_input``;
		every entry of ``self.input_chunks`` is then passed as the ``serial``
		argument of ``_create_cert``. For each resulting key/certificate pair
		the method writes both to ``/tmp/now.pem``, listens on
		``(self.server, self.port)``, accepts a single connection and runs a
		server-side TLS handshake with that certificate.

		NOTE(review): seen from the network this is a series of short TLS
		sessions against one listener, each presenting a different
		certificate. Presumably the payload travels in the certificate
		serial; confirm against ``_create_cert``, which is not shown here.
		"""
		certs = []

		data_to_send = bytes(data_to_send, 'ascii')

		self._parse_input(input_data=data_to_send)

		# Build every key/certificate pair up front, one per chunk.
		for data_packet in self.input_chunks:
			k, c = self._create_cert(serial=data_packet, cn=self.server)
			certs.append([k,c])

		i = 0

		for k, cert in certs:
			i += 1
			# NOTE(review): certificate and private key are written to a
			# fixed, predictable path under /tmp with default permissions,
			# and the file objects are never closed explicitly.
			open('/tmp/now.pem', 'wb').write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))#.decode("utf-8") )
			open('/tmp/now.pem', 'ab').write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))#.decode("utf-8") )

			# A new listening socket is bound for every certificate and
			# closed again in the finally block below.
			sock = socket.socket()
			sock.bind((self.server, self.port))
			sock.listen(1)

			context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
			context.load_cert_chain(certfile='/tmp/now.pem')
			context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1  # optional
			context.set_ciphers('EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH')

			sys.stdout.write("Serving cert %s.\n" % i)
			# Blocks until a peer connects.
			ssock, addr = sock.accept()
			try:
				conn = context.wrap_socket(ssock, server_side=True)
				# The reply body is the peer's IP address.
				conn.write(b'HTTP/1.1 200 OK\n\n%s' % conn.getpeername()[0].encode())
			except ssl.SSLError as e:
				print(e)
			finally:
				# NOTE(review): only the listening socket is closed; the
				# accepted connection (ssock / conn) is left open.
				# conn.close()
				sock.close()
				sys.stdout.write("Cert %i out of %i received.\n" % (i, len(certs))) 
开发者ID:ytisf,项目名称:PyExfil,代码行数:40,代码来源:__init__.py


注:本文中的ssl.OP_NO_TLSv1_1方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。